Alerts and Advisories

RIT is seeing a recent increase in phishing attempts to gain access to myInfo/eBiz. Since last week, many attempts to gain access to myInfo/eBiz have been made. RIT employees (including student employees) who have not yet signed up for Multi-factor Authentication at RIT (MFA) are at risk, because the hackers are able to enroll usernames in MFA and gain access to protected accounts and information. We suspect that Friday’s phishing attempt was used to collect usernames and passwords.

We’ve received a spear phishing attempt (a phish targeted at a specific population) claiming that there is a security emergency on campus. The email asks the reader to access a linked REPORT and follow protocol. If you encounter this phish, please just delete it.

RIT Information Security Advisory—Ransomware on Campus

Last month, an RIT computer in one of the colleges was compromised by ransomware, leading to attempted encryption of files both on the computer and on network shares to which the computer was connected. Thanks to the diligence of support staff, the attack was detected and halted. Because the data was backed up, no information was lost in the attack.

The vector for this particular attack appears to be a malicious attachment received by email. The attachment was disguised as a mailing label.

A little over a week ago, RIT users were targeted in a phishing attack that masqueraded as important messages. The links provided in the email messages resembled our myinfo page.

Here’s one of the variants below. You’ll note that although the end of the link is myinfo.rit.edu, the first part of the link is to a location in Brazil. Clicking on that link would take you to the website that mimics myinfo.rit.edu, not to the RIT site.

The cyberattack on RIT and our users (you) by cybercriminals continues. The attack vectors and file names and types are changing rapidly. We’ll provide more information below on what we know so far, but we need you to do the following:

If you receive an email with an unexpected attachment or link, verify with the sender BEFORE opening the attachment or clicking on the link. Your colleague’s account may be compromised. The malicious email may come from them.

If you notice that you're receiving many undeliverable messages/bouncebacks in your email, change your password and contact your service desk.

Cyberattack on RIT

We’re not trying to sound overly dramatic, but we need you to read this alert and take action (and tell your colleagues and fellow students).

RIT and our users (you) are currently under attack by cybercriminals. We’ll provide more information below, but we need you to do the following:

If you receive an email with an unexpected attachment or link, verify with the sender BEFORE opening the attachment or clicking on the link. Your colleague’s account may be compromised. The malicious email may come from them.

Please submit suspected phishing/spam by creating a new mail note to spam@rit.edu and attaching the suspicious

RIT Information Security Alert--Job Scams!

RIT Public Safety contacted the Information Security Office about a recent job scam that has victimized RIT students. The students encountered the scam through what appeared to be an authentic job listing in the RIT Job Zone. (Note that the RIT Job Zone, like most college and university job boards, is administered by a third party.)

Why I’m Receiving This

RIT Students have fallen victim to a scam. We want to help you identify future scams.

RIT Information Security Alert: Important Message Phish

RIT email users have received another phishing attack that mimics an RIT official message. PLEASE DON'T CLICK ON THE LINK AND PROVIDE YOUR INFO! You'll receive many of these phishing attempts throughout the academic year. We won't be able to warn you about all of them.

If you've received a message with the Subject Line: RIT: Important... ...

RIT Information Security Alert: Phishing Attacks Targeting RIT

1. RIT community members are receiving requests to provide University Identification Numbers (UIDs). The attackers are posing as RIT community members who have forgotten their UIDs. The messages are being sent from external email addresses that mimic the RIT email addresses. (For example, STUDENTADDRESS@gmail.cominstead of STUDENTADDRESS@rit.edu.) Here’s an example of an attack message received: